Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove Event-Stream Dependency from all Projects #165

Merged
merged 2 commits into from
Nov 30, 2018
Merged

Remove Event-Stream Dependency from all Projects #165

merged 2 commits into from
Nov 30, 2018

Conversation

pr1sm
Copy link
Collaborator

@pr1sm pr1sm commented Nov 29, 2018
edited by walmat
Loading

Changes

  • Upgrade the dependency of npm-run-all to remove the event-stream dependency
  • Upgrade the dependency of nodemon to remove the event-stream dependency

Checks

  • CI passes
  • Coverage (<2%∆)
  • Manual Checks
    • event-stream is not in the node_modules folder. For each project we are using (discord-bot, frontend, nebula-api, and task-runner), perform the following steps after checkout of this branch:
      • Remove node_modules and package-lock (rm -rf node_modules/ and rm -rf package-lock.json)
      • Perform and install (npm install)
      • Check for event stream (npm ls event-stream)
      • Confirm the result is empty

fixes #159

@pr1sm
Upgrade npm-run-all dependency
6144244 
This commit updates the npm-run-all dependency to remove the security bug referenced in mysticatea/npm-run-all#150
@pr1sm
Bump nodemon dependency
a91c55c 
This commit updates the nodemon dependency to a version that removes the event-stream vulnerability (https://github.com/remy/nodemon/releases/tag/v1.18.7). For more details on the vulnerability, see dominictarr/event-stream#116.
@pr1sm pr1sm added the type:bug Something isn't working label Nov 29, 2018
@pr1sm pr1sm added this to the Beta 1 Release milestone Nov 29, 2018
@pr1sm pr1sm requested a review from walmat November 29, 2018 23:02
@pr1sm pr1sm added area:frontend Related to Nebula's Frontend Electron app area:task-runner Related to Nebula's Task Runner package area:api Related to Nebula's Public API area:discord-bot Related to Nebula's Discord Bot labels Nov 29, 2018
@walmat
Copy link
Owner

walmat commented Nov 30, 2018

merging..

@walmat walmat merged commit e58f7ca into master Nov 30, 2018
walmat
walmat reviewed Nov 30, 2018
View reviewed changes
Copy link
Owner

@walmat walmat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Ran all checks.

@walmat walmat deleted the issue_159 branch November 30, 2018 01:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@walmat walmat walmat left review comments

Assignees
No one assigned
Labels
area:api Related to Nebula's Public API area:discord-bot Related to Nebula's Discord Bot area:frontend Related to Nebula's Frontend Electron app area:task-runner Related to Nebula's Task Runner package type:bug Something isn't working
Projects
None yet
Milestone
Beta 1 Release
Development

Successfully merging this pull request may close these issues.

Remove transitive event-stream dependencies
2 participants
@pr1sm @walmat